That's how it was set up. Everyone has to send authentication to send out email. Or they're denied.
By the way, if your mail server forces authentication for everybody that tires to send mail through it, a solution that I've used in the past has been to is an intermediary mail server (typically on the same machine) that accepts connection from only localhost, that is setup to relay all it's mail to the real mail server, and that intermediate mail server has the authentication information to make the connection to the "real" mail server.
If the real mail server and the web server are already on the same machine perhaps you could accomplish this by running another smtp server for just witango to talk to on a different port (8025).
I had to do something very similar to this when we installed an Intranet appliation for a client at their location running on witango, and the mail actions needed to send mail though the company mail server (which is still hosted by us) We weren't about to trust any machines outside of our own subnet, so instead we configured the witango box to SMTP through itself, and that IIS SMTP server was setup to send all it's mail through our server by authenticating.
/John
Rick Sanders wrote:
Hi Roland, Thanks for your reply. Unfortunately, it's a little more complicated than that. The people relaying off the server, are using the email address of the domain hosted on the server. So, the spammers are using [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>, and it's going through without authentication because 127.0.0.1 is in the privileged IP range. Of course, turning off the 127.0.0.1 stops un-authorized relaying, but also stops the Tango server from sending auto email. Unless the Tango server can send a username & password for authentication. We've blocked a huge list of IP's, but they're spoofing IP's off other Comcast & AT&T DSL customers. Fun, fun, fun!
Hold on. Something’s amiss in your mail server setup.
IF you have relay enabled from 127.0.0.1 AND you have a mail server on the same machine AND you have authentication turned on for outside IP addresses, the mail server should still be requiring authentication from outside people trying to use you as an open relay.
I have that setup (webstar) and can see the steady stream of attempted relays being blocked.
You can turn authentication off for your internal and trusted networks, including 127.0.0.1 and the IP address of your witango machine Authentication required for everyone else Use your firewall/router not not let in IP spoofers using 127. Or your server’s IP address
Then, when the spammer is sending messages trying to exploit the open relay, the mail server will reject because the IP address is the originating machine or server, not your own. If they are trying to spoof your Ip address, the mail won’t get in.
Check your detailed smtp log and you’ll see where your hole is.
On 11/1/04 10:34 AM, "Rick Sanders" <[EMAIL PROTECTED]> wrote:
I have a client who's having email relay problems.
Basically, people are relaying off his email server. He's turned off relay for local sender addresses, and enabled SMTP authentication.
However, he's had to let his local machine IP 127.0.0.1 for access to the mail server, because WiTango needs to send automatic email. However, because of this, anyone can still relay mail off the server.
The question:
Is it possible for the WiTango server to send a username & password to the mail server for outbound authentication? I know that WiTango can use a specific email address, but can it send a Username & password for authentication?
The server is version 2000 with SP2.
Thanks in advance,
Rick Sanders
________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
----------------------------------------- Roland Dumas Roberts Information Services 310 W. Bellevue Avenue San Mateo CA 94402 650-347-1373 415-412-9300 (cell) [EMAIL PROTECTED] SMS: http://new.servqual.com/html/sms.tml
________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
